US20200053162A1 - Device and media redirection technique for a browser-based remote desktop client - Google Patents
Device and media redirection technique for a browser-based remote desktop client Download PDFInfo
- Publication number
- US20200053162A1 US20200053162A1 US16/057,676 US201816057676A US2020053162A1 US 20200053162 A1 US20200053162 A1 US 20200053162A1 US 201816057676 A US201816057676 A US 201816057676A US 2020053162 A1 US2020053162 A1 US 2020053162A1
- Authority
- US
- United States
- Prior art keywords
- browser
- session
- server
- client
- remote
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
- G06F9/452—Remote windowing, e.g. X-Window System, desktop virtualisation
-
- H04L61/2007—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/08—Protocols specially adapted for terminal emulation, e.g. Telnet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/131—Protocols for games, networked simulations or virtual reality
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H04L67/42—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/563—Data redirection of data network streams
Abstract
Description
- N/A
- The present invention is generally directed to redirection in a virtual desktop infrastructure (VDI) environment that employs browser-based (e.g., HTML5) remote desktop clients. This redirection includes redirecting a locally connected device to the server for access within a remote session and redirecting media from the server for rendering on the client.
- USB device redirection generally refers to making a USB device that is connected to a client accessible within a virtual desktop as if the USB device had been physically connected to the virtual desktop. In other words, when USB device redirection is implemented, a user can connect a USB device to his or her client terminal and the USB device will function as if it had been connected to the server. Media redirection (e.g., Flash, multimedia, display, sound, etc.) generally refers to causing the media to be rendered on the client rather than on the server.
-
FIGS. 1 and 2 and the following description will provide a general overview of how USB device redirection can be implemented in accordance with some embodiments of the present invention. InFIG. 1 , acomputing system 100 is depicted as including a number ofclient terminals 102 a-102 n (referenced generally herein as client(s) 102) in communication with aserver 104 via anetwork 106.Server 104 can be configured to support a remote session (e.g., a remote desktop session) wherein a user at aclient 102 can remotely access applications and data at theserver 104 from theclient 102. Such a connection may be established using any of several well-known techniques such as the Remote Desktop Protocol (RDP) and the Citrix® Independent Computing Architecture (ICA). -
Client terminal 102 may represent a computer, a mobile phone (e.g., smart phone), a laptop computer, a thin client terminal, a personal digital assistant (PDA), a portable computing terminal, or a suitable terminal or device with a processor.Server 104 may represent a computer, a laptop computer, a computing terminal, a virtual machine (e.g., VMware® Virtual Machine), a desktop session (e.g., Microsoft Terminal Server), a published application (e.g., Microsoft Terminal Server) or a suitable terminal with a processor. -
Client 102 may initiate a remote session withserver 104 by sending a request for remote access and credentials (e.g., login name and password) toserver 104. Ifserver 104 accepts the credentials fromclient 102, thenserver 104 may establish a remote session, which allows a user atclient 102 to access applications and data atserver 104. During the remote session,server 104 sends display data toclient 102 overnetwork 106, which may include display data of a desktop and/or one or more applications running onserver 104. The desktop may include, for example, icons corresponding to different applications that can be launched onserver 104. The display data allowsclient 102 to locally display the desktop and/or applications running onserver 104. - During the remote session,
client 102 may send user commands (e.g., inputted via a mouse or keyboard at client 102) to server 104 overnetwork 106.Server 104 may process the user commands fromclient 102 similar to user commands received from an input device that is local toserver 104. For example, if the user commands include mouse movements, thenserver 104 may move a pointer on the desktop running onserver 104 accordingly. When the display data of the desktop and/or application changes in response to the user commands,server 104 sends the updated display data toclient 102.Client 102 locally displays the updated display data so that the user atclient 102 can view changes atserver 104 in response to the user commands. Together, these aspects allow the user atclient 102 to locally view and input commands to the desktop and/or application that is running remotely onserver 104. From the perspective of the client, the desktop running onserver 104 may represent a virtual desktop environment. -
FIG. 2 is a block diagram of aVDI environment 200 in accordance with embodiments of the present invention. VDIenvironment 200 may includeclient 102 in communication withserver 104 overnetwork 106 as illustrated inFIG. 1 .Client 102 includes aremote desktop client 200 a which includes the various components necessary for establishing a remote session onserver 104. To enable USB device redirection,remote desktop client 200 a includes aproxy 210, astub driver 220, and a bus driver 230.Client 102 can be connected to a device 240, as shown inFIG. 2 .Server 104 may include anagent 250 and a virtual bus driver 260.Proxy 210 andagent 250 are typically configured to communicate over a virtual channel. - In accordance with USB device redirection techniques, while device 240 is not locally or physically connected to
server 104 and is remote toserver 104, device 240 appears to server 104 as if it is locally connected toserver 104, as discussed further below. Thus, device 240 appears to server 104 as avirtual device 290. - By way of illustration and not limitation, device 240 may be any type of USB device including a machine-readable storage medium (e.g., flash storage device), a printer, a scanner, a camera, a facsimile machine, a phone, an audio device (e.g., a headset), a video device (e.g., a camera), a peripheral device, or other suitable device that can be connected to
client 102. Device 240 may be an external device (i.e., external to client 102) or an internal device (i.e., internal to client 102). For purposes of this application, device 240 can represent an authentication device such as a smart card. - Bus driver 230 can be configured to allow the operating system and programs of
client 102 to interact with device 240. In one aspect, when device 240 is connected to client 102 (e.g., plugged into a port of client 102), bus driver 230 may detect the presence of device 240 and read information regarding device 240 (“device information”) from device 240. The device information may include features, characteristics and other information specific to device 240 such as a device descriptor (e.g., product ID, vendor ID and/or other information), a configuration descriptor, an interface descriptor, an endpoint descriptor and/or a string descriptor. Bus driver 230 may communicate with device 240 through a computer bus or other wired or wireless communications interface. - In accordance with USB device redirection techniques, device 240 may be accessed from
server 104 as if the device were connected locally to server 240. Device 240 may be accessed fromserver 104 whenclient 102 is connected toserver 104 through a remote session running onserver 104. For example, device 240 may be accessible from the desktop running on server 104 (i.e., virtual desktop environment). To enable this, bus driver 230 may be configured to loadstub driver 220 as the default driver for device 240.Stub driver 220 may be configured to report the presence of device 240 toproxy 210 and to provide the device information (e.g., device descriptor) toproxy 210.Proxy 210 may be configured to report the presence of device 240, along with the device information, toagent 250 ofserver 104 over network 106 (e.g., via a TCP or UDP socket). Thus,stub driver 220 redirects device 240 toserver 104 viaproxy 210. -
Agent 250 may be configured to receive the report fromproxy 210 that device 240 is connected toclient 102 and the device information.Agent 250 may further be configured to associate with the report fromproxy 210 one or more identifiers forclient 102 and/or for a remote session through whichclient 102 is connected toserver 104, such as a session number or a session locally unique identifier (LUID).Agent 250 can provide notification of device 240, along with the device information, to virtual bus driver 260. Virtual bus driver 260 (which may be a Dell Wyse TCX USB bus driver, or any other bus driver) may be configured to create and store in memory a record corresponding to device 240. This record may include at least part of the device information and session identifiers received fromagent 250. Virtual bus driver 260 may be configured to report tooperating system 170 ofserver 104 that device 240 is connected and to provide the device information to the operating system. This allows the operating system ofserver 104 to recognize the presence of device 240 even though device 240 is connected toclient 102. - The operating system of
server 104 may use the device information to find and load one or more appropriate device drivers for device 240 atserver 104. Each driver may have an associated device object (object(s) 281 a, 281 b, . . . , 281 n, referred to generally as device object(s) 281), as illustratively shown inFIG. 2 . A device object 281 is a software implementation of a real device 240 or a virtualized (or conceptual)device 290. Different device objects 281 layer over each other to provide the complete functionality. The different device objects 281 are associated with different device drivers (driver(s) 282 a, 282 b, . . . 282 n, referred to generally as device driver(s) 282). In an example, a device 240 such as a USB flash drive may have associated device objects including objects corresponding to a USB driver, a storage driver, a volume manager driver, and a file system driver for the device. The device objects 281 corresponding to a same device 240 form alayered device stack 280 for device 240. For example, for a USB device, a USB bus driver will create adevice object 281 a stating that a new device has been plugged in. Next, a plug-and-play (PNP) component of the operating system will search for and load the best driver for device 240, which will create anotherdevice object 281 b that is layered over theprevious device object 281 a. The layering of device objects 281 will createdevice stack 280. - Device objects 281 may be stored in a memory of the
server 104 associated with virtual bus driver 260. In particular, device objects 281 and resultingdevice stack 280 may be stored in random-access memory ofserver 104. Different devices 240/290 can have device stacks having different device objects and different numbers of device objects. The device stack may be ordered, such that lower level device objects (corresponding to lower level device drivers) have lower numbers than higher level device objects (corresponding to higher level device drivers). The device stack may be traversed downwards by traversing the stack from higher level objects to lower level objects. For example, in the case of anillustrative device stack 280 corresponding to a USB flash drive, the ordered device stack may be traversed downwards from a high-level file system driver device object, to a volume manager driver device object, to a storage driver device object, to a USB driver device object, and finally to a low-level virtual bus driver device object. Different device stacks 280 can be layered over each other to provide the functionality of the devices 240/290 inside devices, like USB Headsets, or USB pen drives. A USB pen drive, for example, can create a USB device stack first, over which it can create a storage device stack, where each of the device stacks have two or more device objects. - Once one or more device object(s) 281 are loaded by operating
system 170 ofserver 104, each device object 281 can create a symbolic link (also referred to as a “device interface”) to device object 281 and associated device driver 282. The symbolic link is used by applications running onserver 104 to access device object 281 and device 240/290. The symbolic link can be created by a call to a function such as IoCreateSymbolicLink( ) including such arguments as a name for the symbolic link, and a name of device object 281 or associated device 240. In one example, for example, a symbolic link to a USB flash drive device 240 is created by a call from a device object 281 for device 240 to the function IoCreateSymbolicLink( )including arguments “\\GLOBAL??\C:” (i.e., the name for the symbolic link) and “\Device\HarddiskVolume1” (i.e., a name of the device object). - The creation of a symbolic link results in an entry being created in an object manager namespace (OMN) of
operating system 170. The OMN stores information on symbolic links created for and used by operatingsystem 170, including symbolic links for devices 240,virtualized devices 290, andapplications 270 running onserver 104. - As a result of the symbolic link creation process, a symbolic link to device 240 is enumerated in the OMN of
server 104. Once the presence of device 240 is reported tooperating system 170 ofserver 104, device 240 may be accessible from a remote session (and associated desktop) running on server 104 (i.e., virtual desktop environment). For example, device 240 may appear as an icon on the virtual desktop environment and/or may be accessed by applications running onserver 104. - An
application 270 running onserver 104 may access device 240 by sending a transaction request including the symbolic link for device 240 tooperating system 170.Operating system 170 may consult the Object Manager Namespace to retrieve an address or other identifier for the device itself 240 or for a device object 281 associated with device 240. Using the retrieved address or identifier,operating system 170 forwards the transaction request for device 240 either directly, through a device object 281 ofdevice stack 280, and/or through virtual bus driver 260. Virtual bus driver 260 may direct the transaction request toagent 250, which sends the transaction request toproxy 210 overnetwork 106.Proxy 210 receives the transaction request fromagent 250, and directs the received transaction request tostub driver 220.Stub driver 220 then directs the transaction request to device 240 through bus driver 230. - Bus driver 230 receives the result of the transaction request from device 240 and sends the result of the transaction request to
stub driver 220.Stub driver 220 directs the result of the transaction request toproxy 210, which sends the result of the transaction request toagent 250 overnetwork 106.Agent 250 directs the result of the transaction request to virtual bus driver 260. Virtual bus driver 260 then directs the result of the transaction request toapplication 270 either directly or through a device object 281 ofdevice stack 280. - Thus, virtual bus driver 260 may receive transaction requests for device 240 from
application 270 and send results of the transaction requests back to application 270 (either directly or through a device object 281 of device stack 280). As such,application 270 may interact with virtual bus driver 260 in the same way as with a bus driver for a device that is connected locally toserver 104. Virtual bus driver 260 may hide the fact that it sends transaction requests toagent 250 and receives the results of the transaction requests fromagent 250 instead of a device that is connected locally toserver 104. As a result, device 240 connected toclient 102 may appear toapplication 270 as if the physical device 240 is connected locally toserver 104. - With media redirection, the server-side components (e.g., Microsoft's Remote Desktop Services that would be part of operating system 170) will forego rendering and instead send the unrendered media to the client terminal for rendering.
FIG. 3 illustrates how this media redirection would be performed inVDI environment 200. As shown,proxy 210, which would include an endpoint for each virtual channel employed to redirect media, can receive communications from the component ofoperating system 170 tasked with redirecting the particular media content. Whenproxy 210 receives unrendered media, it will render it onclient 102 in a suitable manner. In this way, the load of rendering the media is shifted from the server to the client. Additionally, because it prevents rendered content from being transmitted over the network, media redirection greatly reduces the load on the network. - In
FIGS. 2 and 3 ,remote desktop client 200 a is executed natively onclient 102 and therefore has full access to the components necessary for implementing device and media redirection. However, many remote desktop clients are now being implemented as browser-based (e.g., HTML5) remote desktop clients. In such cases, the users will employ the browser to access remote desktops and applications. - Because browsers are relatively unsecure, and because virtual channels provide a point of exploitation, protocol vendors do not support virtual channels in browser-based remote desktop clients. Browsers also limit access to the components necessary for performing redirection (e.g., the USB device stack). Therefore, browser-based remote desktop clients cannot implement device and media redirection—at least without significant modifications to the VDI environment.
-
FIG. 4 illustrates an example of aVDI environment 400 in which browser-based remote desktop clients are employed. As shown,server 104 remains generally the same as inVDI environment 200 in that it uses a remote display protocol (e.g., RDP) to communicate. However, because the remote desktop client onclient 102 is in the form of a browser-basedremote desktop client 450 that executes withinbrowser 150, it will be limited to using the Web Socket protocol (or possibly HTTP) to communicate. Therefore,VDI environment 400 will also include a gateway 410 (which could be a stand-alone server or could be incorporated into server 104) that acts as an intermediary for converting the remote display protocol communications into Web Socket data and vice versa. More specifically, when operatingsystem 170 sends remote display protocol communications with graphical display data,gateway 410 will convert the graphical display data into HTML5 content that can be rendered withinbrowser 150 using HTML5 Canvas technology. The user's keyboard, mouse or touch input that interfaces with the rendered HTML5 content will then be sent back using standard HTML5 keyboard and mouse input events. - The present invention extends to methods, systems, and computer program products for implementing a device and media redirection technique for a browser-based remote desktop client. A browser extension can be employed in conjunction with a browser-based remote desktop client to detect when the browser-based remote desktop client is attempting to establish a remote session. The browser extension can delay the establishment of the remote session until after the browser extension has registered to receive notifications pertaining to the remote session. Once the remote session is established, the browser extension will be notified and provided details of the remote session. The browser extension can then provide these details to the client-side proxy to enable the proxy to commence redirecting devices to or redirecting media from the remote session.
- In some embodiments, the present invention can be implemented by a browser extension as a method for performing redirection when a browser-based remote desktop client establishes a remote session. The browser extension can detect that a browser-based remote desktop client is attempting to establish a remote session for a user. Prior to the remote session being established, the browser extension can send a request to be notified of state changes in any remote session that the user establishes. In response to the remote session being establishes, the browser extension receives redirection information for the remote session. This redirection information can include a session identifier of the remote session. The browser extension can then send the redirection information to a proxy that is executing on the client to thereby enable the proxy to commence redirection in the remote session established by the browser-based remote desktop client.
- In other embodiments, the present invention can be implemented as a method for performing redirection when a browser-based remote desktop client establishes a remote session. A browser extension on a client can detect that a user is attempting to establish a remote session on a server from a browser-based remote desktop client. The browser extension can delay the user's attempt until after the browser extension has registered to receive notifications of state changes in any remote session that the user establishes. The browser extension can register to receive notifications by obtaining a username of the user from the browser-based remote desktop client and sending the username of the user to a management server. The browser extension will then receive, from the management server, a notification that a remote session has been established for the user. This notification can include a session identifier of the remote session and an IP address of the server on which the remote session was established. The browser extension will then send the session identifier and the IP address of the server to a proxy that is executing on the client outside of the browser.
- In other embodiments, the present invention can be implemented as a method for performing redirection when a browser-based remote desktop client establishes a remote session. A browser extension on a client detects that a browser-based remote desktop client is attempting to establish a remote session for a user on a server and obtains, from the browser-based remote desktop client, an identifier of the server and a username of the user. Prior to the remote session being established, the browser extension sends a request to be notified of state changes in any remote session that the user establishes. This request includes the identifier of the server, the username of the user and a client IP address at which the browser extension receives notifications. The browser extension then receives a notification that a remote session has been established for the user on the server. This notification includes a session identifier of the remote session and a server IP address. The browser extension sends the session identifier and the server IP address to a proxy that is executing on the client outside of the browser. The proxy then employs the session identifier and the server IP address to commence redirection of one or more of a device or media within the remote session.
- This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter.
- Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
-
FIG. 1 illustrates an example computing environment in which the present invention can be implemented; -
FIG. 2 illustrates how a USB device can be redirected from a client terminal to a server when the remote desktop client is executed natively; -
FIG. 3 illustrates how media can be redirected from the server to the client terminal when the remote desktop client is executed natively; -
FIG. 4 illustrates a VDI environment in which the remote desktop client is browser-based and therefore unable to perform device and media redirection using virtual channels; -
FIG. 5 illustrates a VDI environment that is configured in accordance with embodiments of the present invention; -
FIGS. 6A-6F illustrate how a browser extension can be employed to enable redirection in VDI environments that include a browser-based remote desktop client; and -
FIG. 7 provides a flowchart of an example method for implementing redirection when a browser-based remote desktop client establishes a remote session. - In this specification and the claims, the term “browser-based remote desktop client” should be construed to encompass an HTML5 remote desktop client or any other remote desktop client that executes within a browser. Therefore, a remote desktop client that executes within a browser and that is based on a subsequent HTML standard should also be considered a browser-based remote desktop client.
- The present invention provides a device and media redirection technique for a browser-based remote desktop client which leverages traditional redirection components. Device and media redirection can therefore be accomplished using the traditional components while also obtaining the benefits of architecture, operating system and browser independence that a browser-based remote desktop client provides.
-
FIG. 5 illustrates aVDI environment 500 that is configured in accordance with embodiments of the present invention.VDI environment 500 includes the same components asVDI environment 400 including browser-basedremote desktop client 450,gateway 410 andserver 104. Additionally, inVDI environment 500,client 102 includesproxy 210 andserver 104 includesagent 250, both of which can function in a similar manner as described in the background to implement device and media redirection.VDI environment 500 can also include a management server 550 (e.g., the Wyse Management Suite) which is tasked with managingclients 102 and the remote sessions they create. It is noted thatserver 104 andmanagement server 550 may oftentimes be separate virtual machines in a cloud environment, but any arrangement of physical or virtual machines could be employed. - As mentioned above, browser-based
remote desktop client 450 will only be enabled to access functionality thatbrowser 150 provides. Importantly, the functionality thatproxy 210 performs to implement redirection cannot simply be incorporated into browser-basedremote desktop client 450 becausebrowser 150 does not enable the functionality. To address this issue, the present invention provides abrowser extension 510 that, in general terms, links a remote session established by browser-basedremote desktop client 450 withproxy 210 for the purpose of enablingproxy 210 to establish virtual channels within the remote session so that devices or media can be redirected. -
FIGS. 6A-6F illustrate howbrowser extension 510 enables redirection withinVDI environment 500. InFIG. 6A , it will be assumed that the user has navigated his or her browser to cause a login screen of browser-basedremote desktop client 450 to be displayed. Typically, this login screen will prompt the user to input a URL that identifies the VDI server, a username and a password (unless such information has already been stored). In this context, the VDI server could represent the connection manager, broker or other architecture that handles the login and establishment of a remote session. The login screen may also prompt the user for a domain name or other connection information that will be used to establish the requested remote session. Accordingly, step la represents that the user has provided input that identifies a URL of the VDI server (https://some_url), the user's username for logging in to remote sessions (UserId_1) and the user's password (Password_1). - In accordance with embodiments of the present invention,
browser extension 510 can be configured to delay the submission of the login request momentarily. In particular, instep 1 b,browser extension 510 is shown as obtaining and caching the login details 600 before browser-basedremote desktop client 450 submits the user's request to the VDI server. Then, instep 1 c, which is also performed prior to the submission of the user's request,browser extension 510 sends aregistration request 610 tomanagement server 550.Registration request 610 includes the VDI server name (https://some_url) and the username (UserId_1) as well as the hostname (hostname_1) and IP address (216.10.237.130) ofclient terminal 102.Registration request 610 functions as a request to be notified when changes in the state of a corresponding session occur. In this example therefore,registration request 610 constitutes a request thatbrowser extension 510 be notified of changes in the state of a session that is established for the user having a username of UserID_1. - Turning to
FIG. 6B , instep 2 a,browser extension 510 will receiveregistration confirmation 611 frommanagement server 550 which indicates thatbrowser extension 510 has been successfully registered to receive notifications of state changes in any remote session that UserID_1 establishes.Management server 550 is shown as storinginformation 610 a fromregistration request 610 to represent this successful registration. As will be described below,management server 550 usesinformation 610 a to identify and communicate withbrowser extension 510 when state changes in UserID_1's session occur. Importantly,browser extension 510 prevents browser-basedremote desktop client 450 from initiating the remote session until afterbrowser extension 510 has successfully registered withmanagement server 550. This is to ensure thatbrowser extension 510 will be notified when the remote session is established. Accordingly, instep 2 b, after receivingregistration confirmation 611,browser extension 510 allows browser-basedremote desktop client 450 to send the login details to the VDI server in order to establish a remote session. - Turning to
FIG. 6C , in response to step 2 b, a remote session will be established on server 104 (which may typically be a virtual machine that may already have a number of active remote sessions).Server 104 will include an instance of agent 250 (or a similar agent such as a component of management server 550) that is configured to be notified whenever a session is connected onserver 104. For example, in a Windows environment,agent 250 can register to be notified of such session change events by calling WTSRegisterSessionNotification and specifying the NOTIFY_FOR_ALL_SESSIONS flag. In such a case, and as represented bystep 3 a, when the remote session is established for UserID_1,operating system 170 will send agent 250 asession connect notification 620 which may be in the form of a WM_WTSSESSION_CHANGE message that specifies WTS_REMOTE_CONNECT (representing that a session was connected to a remote terminal) along with a session identifier that has been assigned to the connected session (which is assumed to be SessionID_10 in this example). - Using the session identifier specified in session connect
notification 620,agent 250 can obtain the username associated with the session (e.g., by calling WTSQuerySessionInformation) and can also obtain the IP address (which is assumed to be 143.166.135.58) and port number (which is assumed to be 55112) ofserver 104. The IP address and port number are those that are necessary to allowproxy 210 to establish a virtual channel withagent 250 as will be described below. Instep 3 b,agent 250 can provide this session connectinformation 621 tomanagement server 550. - Turning to
FIG. 6D , upon receiving session connectinformation 621,management server 550, instep 4 a, can compare the username specified in the received session connect information 621 (UserID_1) to the username associated with the information stored from any registration request. In particular, at any given time, a number ofbrowser extensions 510 on a number ofclients 102 may be registered to receive state change notifications. Therefore,management server 550 can employ the username specified in the particularsession connection information 621 to identify which, if any, browser extension has registered to be notified of state changes for the particular session. In this example, UserID_1 as specified insession connection information 621 will match UserID_1 as stored withinformation 610 a, and therefore,management server 550 can determine thatbrowser extension 510 executing on aclient 102 having a hostname of hostname_1 and an IP address of 216.10.237.130 should be notified. Based on this determination,management server 550 can sendredirection information 630 tobrowser extension 510. As shown, thisredirection information 630 can include the session identifier assigned to the remote session that was established by browser-basedremote desktop client 450, and the IP address and port number necessary for communicating withagent 250 via a virtual channel.Redirection information 630 is also shown as including UserID_1 although the username may be unnecessary given thatbrowser extension 510 already knows it. - Turning to
FIG. 6E , instep 5 a,browser extension 510routes redirection information 630 toproxy 210. Ifredirection information 630 as received frommanagement server 550 does not include the username,browser extension 510 can include the username that it previously cached (in login details 600) in theredirection information 630 that it sends toproxy 210. - Given that
browser extension 510 executes withinbrowser 150 whileproxy 210 is executed natively, traditional techniques for sharing information cannot be employed. Instead,proxy 210 can be configured to implement a web server so thatbrowser extension 510 can sendredirection information 630 via a browser-supported protocol such as HTTP. However, current browsers block requests that target a different domain (e.g., the localhost domain which will be proxy 210's domain) from the domain that served the current page (e.g., https://some_url). This is known as the same-origin policy. To get around this limitation, because the same-origin policy does not block image requests from different domains,browser extension 510 may employ the JavaScript Image class which allows an image to be requested from any domain, andproxy 210 can be configured to return the requested image. - To convey
redirection information 630 as part of the image request,browser extension 510 can append a query string to the URL assigned to the source property of the image. For example, assumingproxy 210 is listening on port 60000, browser extension could set the source property of the image to: -
- http://localhost:60000/image.gif?username=UserID_1&sessionID=SessionID_10& IP=143.166.135.58&Port=55112
- Accordingly, although
browser extension 510 is requesting the image named image.gif (whichproxy 210 can return to ensure that an error does not occur),browser extension 510 is also passingredirection information 630 toproxy 210. - Next, in
step 5 b,proxy 210 can useredirection information 630 to establish virtual channels for implementing device or media redirection. Notably, at this point,proxy 210,agent 250 andoperating system 170 can implement redirection in a typical manner even though the remote session is being maintained by browser-basedremote display client 450 withinbrowser 150. In particular, the graphical display data and user input events will be sent betweenoperating system 170 and browser-basedremote desktop client 450 using the WebSocket protocol and viagateway 410, while device redirection communications will be sent directly betweenproxy 210 andagent 250 via virtual channels and media redirection communications will be sent betweenoperating system 170 andproxy 210. - Finally,
FIG. 6F represents the steps that are taken when the remote session is disconnected to ensure that any redirection is also terminated. Instep 6 a, it is assumed that browser-basedremote desktop client 450's remote session has been disconnected, and therefore,operating system 170 will send agent 250 (or another agent) asession disconnect notification 640. As shown,session disconnect notification 640 may be in the form of a WM_WTSSESSION_CHANGE message that specifies WTS_REMOTE_DISCONNECT and the session identifier of the disconnected session (SessionID_10). Instep 6 b,agent 250 can employ the session identifier insession disconnect notification 640 to obtain the username (UserID_1) and then send asession disconnect notification 640 a, which includes the username and possibly other information, tomanagement server 550. Instep 6 c,management server 550 will employ the username specified insession disconnect notification 640 a to identify the IP address and hostname for browser extension 410 (which is stored ininformation 610 a) and use it to send adisconnect notification 640 b tobrowser extension 510. Instep 6 d,browser extension 510 will send adisconnect notification 640 c to proxy 210 (e.g., by again employing the URL in the source property of an image to specify a query string that includes an instruction to cease redirection (e.g., http://localhost:60000/image.gif?session disconnected)). Instep 6 e,proxy 210 will disconnect any virtual channels and cease redirection. - In summary, the functionality performed by
browser extension 510 provides the natively executedproxy 210 with the information it needs to implement redirection in a remote session that a remote desktop client executing in a browser has established. Onceproxy 210 receives this information, it can implement redirection in a traditional manner. As a result, the benefits of hosting the remote desktop client within the browser can be obtained without sacrificing redirection functionality. -
FIG. 7 provides a flowchart of anexample method 700 for implementing redirection when a browser-based remote desktop client establishes a remote session.Method 700 can be implemented bybrowser extension 510 withinVDI environment 500. -
Method 700 includes anact 701 of detecting that a browser-based remote desktop client is attempting to establish a remote session for a user. For example,browser extension 510 can detect that a user has input login details into a login page of browser-basedremote desktop client 450. -
Method 700 includes anact 702 of, prior to the remote session being established, sending a request to be notified of state changes in any remote session that the user establishes. For example,browser extension 510 can sendregistration request 610 tomanagement server 550. -
Method 700 includes anact 703 of, in response to the remote session being establishes, receiving redirection information for the remote session, the redirection information including a session identifier of the remote session. For example,browser extension 510 can receiveredirection information 630 frommanagement server 550. -
Method 700 includes anact 704 of sending the redirection information to a proxy that is executing on the client to thereby enable the proxy to commence redirection in the remote session established by the browser-based remote desktop client. For example,browser extension 510 can sendredirection information 630 toproxy 210 to enableproxy 210 to establish one or more virtual channels within the remote session established by browser-basedremote desktop client 450. - Embodiments of the present invention may comprise or utilize special purpose or general-purpose computers including computer hardware, such as, for example, one or more processors and system memory. Embodiments within the scope of the present invention also include physical and other computer-readable media for carrying or storing computer-executable instructions and/or data structures. Such computer-readable media can be any available media that can be accessed by a general purpose or special purpose computer system.
- Computer-readable media is categorized into two disjoint categories: computer storage media and transmission media. Computer storage media (devices) include RAM, ROM, EEPROM, CD-ROM, solid state drives (“SSDs”) (e.g., based on RAM), Flash memory, phase-change memory (“PCM”), other types of memory, other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other similarly storage medium which can be used to store desired program code means in the form of computer-executable instructions or data structures and which can be accessed by a general purpose or special purpose computer. Transmission media include signals and carrier waves.
- Computer-executable instructions comprise, for example, instructions and data which, when executed by a processor, cause a general purpose computer, special purpose computer, or special purpose processing device to perform a certain function or group of functions. The computer executable instructions may be, for example, binaries, intermediate format instructions such as assembly language or P-Code, or even source code.
- Those skilled in the art will appreciate that the invention may be practiced in network computing environments with many types of computer system configurations, including, personal computers, desktop computers, laptop computers, message processors, hand-held devices, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, mobile telephones, PDAs, tablets, pagers, routers, switches, and the like.
- The invention may also be practiced in distributed system environments where local and remote computer systems, which are linked (either by hardwired data links, wireless data links, or by a combination of hardwired and wireless data links) through a network, both perform tasks. In a distributed system environment, program modules may be located in both local and remote memory storage devices. An example of a distributed system environment is a cloud of networked servers or server resources. Accordingly, the present invention can be hosted in a cloud environment.
- The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/057,676 US11038968B2 (en) | 2018-08-07 | 2018-08-07 | Device and media redirection technique for a browser-based remote desktop client |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/057,676 US11038968B2 (en) | 2018-08-07 | 2018-08-07 | Device and media redirection technique for a browser-based remote desktop client |
Publications (2)
Publication Number | Publication Date |
---|---|
US20200053162A1 true US20200053162A1 (en) | 2020-02-13 |
US11038968B2 US11038968B2 (en) | 2021-06-15 |
Family
ID=69407296
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/057,676 Active 2039-02-24 US11038968B2 (en) | 2018-08-07 | 2018-08-07 | Device and media redirection technique for a browser-based remote desktop client |
Country Status (1)
Country | Link |
---|---|
US (1) | US11038968B2 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170093737A1 (en) * | 2015-09-28 | 2017-03-30 | Arris Enterprises Llc | Domain name system response spoofing at customer premise equipment device |
CN111459589A (en) * | 2020-03-30 | 2020-07-28 | 深信服科技股份有限公司 | Redirection processing method, virtual desktop infrastructure and readable storage medium |
US10798201B2 (en) * | 2019-02-04 | 2020-10-06 | Dell Products L.P. | Redirecting USB devices via a browser-based virtual desktop infrastructure application |
EP3979605A1 (en) * | 2020-09-30 | 2022-04-06 | Ricoh Company, Ltd. | Protocol conversion for remote access from information terminal |
US11429395B2 (en) * | 2020-01-02 | 2022-08-30 | Jpmorgan Chase Bank, N.A. | Peripheral device support in thin client environments |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140222894A1 (en) * | 2013-02-04 | 2014-08-07 | Oracle International Corporation | Javascript api for webrtc |
US20140372509A1 (en) * | 2013-06-14 | 2014-12-18 | Andrew T. Fausak | Web-based transcoding to clients for client-server communication |
US20150120804A1 (en) * | 2013-10-24 | 2015-04-30 | Jeffrey T. Eschbach | Method and system for capturing web content from a web server |
US20150341383A1 (en) * | 2014-05-23 | 2015-11-26 | Citrix Systems, Inc. | Protect applications from session stealing/hijacking attacks by tracking and blocking anomalies in end point characteristics throughout a user session |
US20160094539A1 (en) * | 2014-09-30 | 2016-03-31 | Citrix Systems, Inc. | Systems and methods for performing single sign-on by an intermediary device for a remote desktop session of a client |
US20180219849A1 (en) * | 2017-01-31 | 2018-08-02 | Glance Networks, Inc. | Method and Apparatus for Enabling Co-Browsing of Third Party Websites |
US20180349283A1 (en) * | 2017-06-03 | 2018-12-06 | Vmware, Inc. | Video redirection in virtual desktop environments |
US10462216B1 (en) * | 2018-05-04 | 2019-10-29 | Citrix Systems, Inc. | WebRTC API redirection with interception techniques |
US20190386961A1 (en) * | 2018-06-19 | 2019-12-19 | Cisco Technology, Inc. | Proxy-based clientless vpn with web browser proxy auto-configuration (pac) file and extension |
US10545625B2 (en) * | 2017-09-11 | 2020-01-28 | Citrix Systems, Inc. | Redirection of web content |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8010630B2 (en) * | 2007-12-06 | 2011-08-30 | Wyse Technology Inc. | Local device redirection |
US8739252B2 (en) * | 2009-02-03 | 2014-05-27 | Inbay Technologies Inc. | System and method for secure remote access |
US8504818B2 (en) * | 2010-04-15 | 2013-08-06 | Microsoft Corporation | Method and system for reliable protocol tunneling over HTTP |
US8866701B2 (en) * | 2011-03-03 | 2014-10-21 | Citrix Systems, Inc. | Transparent user interface integration between local and remote computing environments |
US9473581B2 (en) * | 2013-02-04 | 2016-10-18 | Oracle International Corporation | Integrated web-enabled session border controller |
EP2813945A1 (en) * | 2013-06-14 | 2014-12-17 | Tocario GmbH | Method and system for enabling access of a client device to a remote desktop |
US9961112B2 (en) * | 2015-04-20 | 2018-05-01 | Bomgar Corporation | Method and apparatus for enforcing realtime access controls for endpoints |
US10587713B2 (en) * | 2017-02-14 | 2020-03-10 | Wyse Technology L.L.C. | Proxy for sharing remote desktop sessions |
-
2018
- 2018-08-07 US US16/057,676 patent/US11038968B2/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140222894A1 (en) * | 2013-02-04 | 2014-08-07 | Oracle International Corporation | Javascript api for webrtc |
US20140372509A1 (en) * | 2013-06-14 | 2014-12-18 | Andrew T. Fausak | Web-based transcoding to clients for client-server communication |
US20150120804A1 (en) * | 2013-10-24 | 2015-04-30 | Jeffrey T. Eschbach | Method and system for capturing web content from a web server |
US20150341383A1 (en) * | 2014-05-23 | 2015-11-26 | Citrix Systems, Inc. | Protect applications from session stealing/hijacking attacks by tracking and blocking anomalies in end point characteristics throughout a user session |
US20160094539A1 (en) * | 2014-09-30 | 2016-03-31 | Citrix Systems, Inc. | Systems and methods for performing single sign-on by an intermediary device for a remote desktop session of a client |
US20180219849A1 (en) * | 2017-01-31 | 2018-08-02 | Glance Networks, Inc. | Method and Apparatus for Enabling Co-Browsing of Third Party Websites |
US20180349283A1 (en) * | 2017-06-03 | 2018-12-06 | Vmware, Inc. | Video redirection in virtual desktop environments |
US10545625B2 (en) * | 2017-09-11 | 2020-01-28 | Citrix Systems, Inc. | Redirection of web content |
US10462216B1 (en) * | 2018-05-04 | 2019-10-29 | Citrix Systems, Inc. | WebRTC API redirection with interception techniques |
US20190386961A1 (en) * | 2018-06-19 | 2019-12-19 | Cisco Technology, Inc. | Proxy-based clientless vpn with web browser proxy auto-configuration (pac) file and extension |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170093737A1 (en) * | 2015-09-28 | 2017-03-30 | Arris Enterprises Llc | Domain name system response spoofing at customer premise equipment device |
US11082353B2 (en) * | 2015-09-28 | 2021-08-03 | Arris Enterprises Llc | Domain name system response spoofing at customer premise equipment device |
US10798201B2 (en) * | 2019-02-04 | 2020-10-06 | Dell Products L.P. | Redirecting USB devices via a browser-based virtual desktop infrastructure application |
US11429395B2 (en) * | 2020-01-02 | 2022-08-30 | Jpmorgan Chase Bank, N.A. | Peripheral device support in thin client environments |
US20220413872A1 (en) * | 2020-01-02 | 2022-12-29 | Jpmorgan Chase Bank, N.A. | Peripheral device support in thin client environments |
US11822929B2 (en) * | 2020-01-02 | 2023-11-21 | Jpmorgan Chase Bank, N.A. | Peripheral device support in thin client environments |
CN111459589A (en) * | 2020-03-30 | 2020-07-28 | 深信服科技股份有限公司 | Redirection processing method, virtual desktop infrastructure and readable storage medium |
EP3979605A1 (en) * | 2020-09-30 | 2022-04-06 | Ricoh Company, Ltd. | Protocol conversion for remote access from information terminal |
US11729334B2 (en) | 2020-09-30 | 2023-08-15 | Ricoh Company, Ltd. | Communication system, device, and recording medium for remote access to electronic device through relaying device and converter |
Also Published As
Publication number | Publication date |
---|---|
US11038968B2 (en) | 2021-06-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11038968B2 (en) | Device and media redirection technique for a browser-based remote desktop client | |
US10313448B2 (en) | Employing an auxiliary device to implement USB device redirection | |
US10142425B2 (en) | Session reliability for a redirected USB device | |
US10530881B2 (en) | Redirecting scanners and printers over a WAN | |
US10182126B2 (en) | Multilevel redirection in a virtual desktop infrastructure environment | |
KR20150013860A (en) | Clientless cloud computing | |
US10223321B2 (en) | Combining redirected USB interfaces into a single composite device | |
US11544344B2 (en) | Remote web browsing service | |
US10152402B2 (en) | Supporting multiple streams for a redirected USB device | |
US10235189B2 (en) | Isolating a redirected smart card reader to a remote session | |
JP2004086895A (en) | System and method for enabling components on arbitrary networks to communicate | |
US8583793B2 (en) | System and method for providing a hypertext transfer protocol service multiplexer | |
US11533349B2 (en) | Perhipheral device sharing over peer-to-peer connection | |
US20170171289A1 (en) | Gateway that enables a browser-based application to communicate with a server-side application using a non-browser-compatable protocol | |
US10798097B2 (en) | Intelligent redirection of authentication devices | |
CN113924551A (en) | Method and system for accessing remotely stored files using virtual applications | |
US10834164B2 (en) | Virtualizing audio and video devices using synchronous A/V streaming | |
US10742776B1 (en) | Accelerating isochronous endpoints of redirected USB devices | |
US9292358B2 (en) | Remotely retrieving information from consumer devices | |
US10798201B2 (en) | Redirecting USB devices via a browser-based virtual desktop infrastructure application | |
US11196799B2 (en) | Redirection of USB devices from hardware isolated virtual desktop infrastructure clients | |
US11316854B2 (en) | Reverse authentication in a virtual desktop infrastructure environment | |
US11546157B2 (en) | Adaptive identification systems and methods | |
US20240012696A1 (en) | Exposing standardized events within an api proxy system | |
WO2024021031A1 (en) | Sending dns traffic to service-specific dns server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: DELL PRODUCTS L.P., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:VAJRAVEL, GOKUL THIRUCHENGODE;KS, SANDEEP;REEL/FRAME:046584/0373 Effective date: 20180620 |
|
AS | Assignment |
Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., TEXAS Free format text: SECURITY AGREEMENT;ASSIGNORS:CREDANT TECHNOLOGIES, INC.;DELL INTERNATIONAL L.L.C.;DELL MARKETING L.P.;AND OTHERS;REEL/FRAME:049452/0223 Effective date: 20190320 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
AS | Assignment |
Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., TEXAS Free format text: SECURITY AGREEMENT;ASSIGNORS:CREDANT TECHNOLOGIES INC.;DELL INTERNATIONAL L.L.C.;DELL MARKETING L.P.;AND OTHERS;REEL/FRAME:053546/0001 Effective date: 20200409 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, NORTH CAROLINA Free format text: SECURITY AGREEMENT;ASSIGNORS:DELL PRODUCTS, L.P.;EMC IP HOLDING COMPANY LLC;REEL/FRAME:057682/0830 Effective date: 20211001 |